Managing Users and Attributes
Data Set Security and Access Control
Koverse provides fine-grained access control to data sets and even individual records and attributes within data sets.
Organizations can define groups, associate users to groups, and grant permissions to groups for system actions or data set-specific actions.
In some cases the mapping of users to groups is defined by an external system such as Active Directory, LDAP, or another single sign-on system. If not, Koverse provides a built-in method of defining users and groups.
Regardless of how users and groups are managed, Koverse will manage the permissions granted to groups for Koverse-specific system actions and for access to data sets.
In this section we cover how to manage attributes, users, and groups.
Koverse allows dataset owners to filter or ‘hide’ specific attributes within a dataset so that their values aren’t visible in search results. This allows organizations to protect sensitive values, such as PII (personally identifiable information), in order to comply with their own data protection policy as well as regulatory policies such as HIPAA and GDPR.
Creating an attribute is a two-step process that is paired with the ABAC (Attribute Based Access Control) Label parser step when uploading data. Assigned attributes must match ABAC labels to work properly.
To create an attribute, click Attributes under Workspace Settings. This will allow you to add an attribute that matches your already defined ABAC label(s).
You’ll be able to configure the attribute name, the attribute token, as well as the option to assign any users to your attribute. You can also add a description to your attribute for internal tracking purposes.
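The requirement that attribute tokens match ABAC labels can be checked before relying on it. The following is an added illustration, not Koverse code: a generic Python model in which a labelled field is visible only to users assigned to an attribute whose token equals the label. The class and function names, the exact case-sensitive match, and the choice to hide unmatched labels from everyone are assumptions of this sketch.

```python
# Added illustration: a generic model of attribute-level hiding, not Koverse code.
from dataclasses import dataclass, field

HIDDEN = "[hidden]"

@dataclass
class Attribute:
    name: str
    token: str                      # assumed to equal the ABAC label applied at upload
    users: set = field(default_factory=set)

def tokens_for(user, attributes):
    """Tokens of every attribute the user is assigned to."""
    return {a.token for a in attributes if user in a.users}

def filter_record(record, labels, user, attributes):
    """Copy of record with labelled fields hidden unless the user holds the
    matching token. Fields without a label stay visible."""
    held = tokens_for(user, attributes)
    return {k: (v if labels.get(k) is None or labels[k] in held else HIDDEN)
            for k, v in record.items()}

def unmatched_labels(labels, attributes):
    """Labels present in the data that no attribute token matches exactly.
    In this model such fields end up hidden from every user."""
    defined = {a.token for a in attributes}
    return sorted(set(labels.values()) - defined)

# Constructed sample data (not real records)
ATTRIBUTES = [
    Attribute("Patient identifiers", "PII", {"alice"}),
    Attribute("Billing", "finance", {"alice", "bob"}),
]
LABELS = {"ssn": "PII", "invoice_total": "FINANCE"}  # field -> label; case differs from token
RECORD = {"patient_id": 1042, "ssn": "000-00-0000", "invoice_total": 310.50}

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, filter_record(RECORD, LABELS, user, ATTRIBUTES))
    print("labels with no matching attribute:", unmatched_labels(LABELS, ATTRIBUTES))
```

In this model the `FINANCE` label never matches the `finance` token, so the billing value is hidden even from users assigned to the Billing attribute; running a check like `unmatched_labels` after an upload surfaces that kind of mismatch.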
Users and Groups
Koverse provides administrators and data owners fine-grained controls over what actions users of the system can perform and what data they can see. Koverse maintains several types of permissions to enable this functionality. These are broken into two roles: Admin and Member.
For instance, permissions determine whether a given user is allowed to create new Datasets. Dataset Permissions control what data is visible to which Users and what actions Users can perform with respect to a specific Dataset (such as read/write).
Finally, Application Permissions control who can use both the built-in and custom Applications loaded in Koverse. All of these permissions are controlled at the Group level. Users inherit the permissions that have been given to the groups they belong to.
Admin Permissions allow the user system-level access across the Koverse platform, while a user with ‘Member’ access must be granted certain privileges or permissions by an Admin user.
Most User and Group management in Koverse is done through the Application. In addition to having the Manage Users & Groups Permission, a User would also need permission to use the System Administration Application.
Users with the Admin role are able to:
- View all Groups and Group membership (both Koverse and External)
- Create new Koverse Groups (externally defined Groups are automatically created)
- Modify Koverse Groups
- Delete Koverse Groups
- View all Users
- Create new Users
- Modify Users
- Delete Users
Creating a User/Group
Once you’re on the Koverse Data Platform landing page, you’ll notice that the bottom left-hand tab, under ‘Workspace Settings’, has an option for ‘Group’ and an option for ‘User’. To create a user, click on the User option, where you will be directed to ‘Invite User’ (a tab located in the right-hand corner). Inviting a user to your workspace simply means sending that person an email invitation to join the workspace. Please note, you will be prompted to add this user to either an Admin or Member role.
Now that you have a few users, you can create a group. Click on the group icon under Workspace Settings, where you will be taken to the option to ‘Add Group’. Be sure to follow your organizational structure when naming your group, if applicable. In addition to naming your group, you can also add users to it. As users are added to or removed from the workspace, you can change the members of the group(s) as needed.